From 253d1c124f75a24e0d55674f9ffb57725b7632ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?=
Date: Tue, 14 Jan 2020 00:08:56 +0100
Subject: [PATCH] Make the relay_state optional in the response.
If relay_state isn't part of the outgoing request, it won't come back as a response. In that case, the code wouldn't work.
---
 flask_saml2/sp/sp.py | 8 +++++---
 flask_saml2/sp/views.py | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/flask_saml2/sp/sp.py b/flask_saml2/sp/sp.py
index 7535958..7084f59 100644
--- a/flask_saml2/sp/sp.py
+++ b/flask_saml2/sp/sp.py
@@ -37,7 +37,7 @@ class ServiceProvider:
 def login_successful(
 self,
 auth_data: AuthData,
- relay_state: str,
+ redirect_to: str,
 ) -> Response:
 """ Called when a user is successfully logged on.
 Subclasses should override this if they want to do more
@@ -49,7 +49,9 @@ def login_successful(
 but they *must* call ``super()``.
 """
 self.set_auth_data_in_session(auth_data)
- return redirect(relay_state)
+ if not redirect_to:
+ redirect_to = self.get_login_return_url()
+ return redirect(redirect_to)
 # Service provider configuration
@@ -168,7 +170,7 @@ def get_login_return_url(self) -> Optional[str]:
 for url in urls:
 if url is None:
 continue
- url = self.make_absolute_url(url)
+ if self.is_valid_redirect_url(url):
 return url
diff --git a/flask_saml2/sp/views.py b/flask_saml2/sp/views.py
index 1c116b6..e48eb34 100644
--- a/flask_saml2/sp/views.py
+++ b/flask_saml2/sp/views.py
@@ -79,7 +79,7 @@ def do_logout(self, handler):
 class AssertionConsumer(SAML2View):
 def post(self):
 saml_request = request.form['SAMLResponse']
- relay_state = request.form['RelayState']
+ relay_state = request.form.get('RelayState')
 for handler in self.sp.get_idp_handlers():
 try:
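Review bot: In `login_successful` (flask_saml2/sp/sp.py, first hunk) the renamed parameter is still annotated `redirect_to: str`, but after this commit it can be `None` when the response carries no RelayState. `redirect_to: Optional[str],` would match the new behaviour, and `Optional` is already used in this file. The rename also changes a keyword name on a method the docstring invites subclasses to override, so any override or caller passing `relay_state=` by keyword would break; whether any exist is not visible here. The docstring continues outside the hunk and could state that an empty value falls back to `get_login_return_url()`.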
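Review bot: A non-empty `redirect_to` still reaches `redirect()` unchecked in `login_successful` (second sp.py hunk), while only the fallback from `get_login_return_url()` has passed `is_valid_redirect_url`. The value comes from the `RelayState` form field of the assertion POST (see the views.py hunk), which the client supplies, so this is an open-redirect risk unless it is validated somewhere outside these hunks. A guard such as `if not redirect_to or not self.is_valid_redirect_url(redirect_to):` would send both paths through the same check. Separately, `get_login_return_url()` is annotated `-> Optional[str]`, so the fallback can itself be `None` and that case needs an explicit default or error before `redirect()` is called.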
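Review bot: Dropping `url = self.make_absolute_url(url)` in `get_login_return_url` (third sp.py hunk) means `is_valid_redirect_url` now receives each candidate in `urls` exactly as given, possibly relative, and the returned URL is no longer made absolute. The commit description does not mention this change, and how the validator treats relative or scheme-relative input is not visible in the hunk. If the removal is intentional, a comment like `# url is validated and returned unchanged (no longer made absolute)` plus a test with a relative value would make the contract explicit. The function body starts and ends outside the hunk.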